A Conversation with Travis Knapp-Prasek of NCC Group on Phishing Attacks

A Conversation with Travis Knapp-Prasek of NCC Group on Phishing Attacks

While phishing attacks are a serious cybersecurity concern, they can be hard to conceptualize. Often, enterprises believe phishing attacks happen to other companies. However, they can absolutely happen to your business, and the results can devastate your business without the right cybersecurity.  

To learn more, we spoke with Travis Knapp-Prasek, associate security consultant at the NCC Group. The NCC Group is a global expert in cybersecurity and risk mitigation working to help businesses identify, assess, mitigate, and respond to risks. 

Here’s our conversation: 

A Conversation with Travis Knapp-Prasek on Phishing Attacks

Solutions Review: How common are phishing attacks?

Travis Knapp-Prasek: Quite common. The barrier of entry to create a phishing attack is low. Anyone can find an email address and reach out to it with a message of their choosing.

SR: Approximately how often would you say enterprises and employees face them?

TKP: Since most email systems run 24/7, the door is always open for a phishing email to be sent and received. My personal email address is endlessly receiving phishy emails that luckily usually end up in the spam folder.

SR: And what are the potential consequences of a successful phishing attack?

TKP: The consequences depend on what the attacker is trying to gain access to. Credential harvesting is a common goal, which can include the usernames and passwords to an employee’s email account, VPN connection, or company web portal.                                                                                          

SR: What are some of the blatant signs of a phishing attack email that employees should recognize immediately?

TKP: Anything that seems out of the ordinary that hasn’t been discussed by your employer beforehand should raise an eyebrow. With the rise of remote work, this can be a little more difficult due to the reliance upon email versus face to face communication. An unexpected gift or awards program, for instance, should raise a red flag, as should any email that includes a link to a site you don’t recognize that’s asking for your username and password. Checking the URL in the address bar can display misspellings of the company name.

SR: Your research has determined the clever use of fonts can conceal phishing attacks. Could you describe your findings in more detail?

TKP: A malicious actor needs to host their campaign somewhere on a website. One method to deceive the eyes is by using letters in the domain names that look like other letters. Lowercase L and uppercase i render exactly the same in most computer platforms due to the use of sans-serif fonts. If a company has the letter L in their name and hasn’t registered the misspelled domain name with i replacing the L , that’s an opportunity for an attacker to own and use a domain name that would deceive people.

SR: Based on your research, what can employees and companies do to recognize more devious phishing attacks? 

Travis Knapp-Prasek:

  • Look at the email address closely. Some email platforms allow you to “view more” information about the email headers which can show where the email was actually sent from.
  • Hesitate before entering your credentials or password for any new service you haven’t seen before. If it’s a request to update your password for a certain company service, reach out to your technical support team before doing so.
  • It takes a shift in the state of mind to assume any email sent to you could be malicious, but it’s worth having your guard up.

Thanks to Travis Knapp-Prasek for his time and expertise in phishing attacks. For more on phishing protection and cybersecurity, check out the Solutions Review SIEM Buyer’s Guide.

Ben Canner